Method and Apparatus for Use in Relation to Verifying an Association Between Two Parties

1. A method of enabling a second party to prove to a third party the existence of an association between the second party and a first party, the first party being associated with a first element of a first algebraic group, the second party being associated with a second element of a second algebraic group, the second element being formed from an identifier string of the second party using a hash function, and there being a computable bilinear map for the first and second elements, wherein the method comprises: a second-party computer entity, acting on behalf of the second party, performing the steps of: receiving a shared secret provided by the first party as the product of a first secret and the second element; computing first, second and third verification parameters, wherein the first verification parameter is a product of a second secret and said shared secret, the second verification parameter is a product of the second secret and the second element and the third verification parameter is a product of the second secret and the first element; and outputting the first, second and third verification parameters for use by the third party, wherein the first, second, and third verification parameters enable the third party to verify the association between the first and second parties by performing checks that use the first, second, and third verification parameters and public information.

2. A method according to claim 1 , wherein the second-party computer entity generates a further shared secret from the second secret and an identifier string of a fourth party, the second party outputting this further shared secret to the fourth party for use by the latter as the private key of a public/private key pair the public key of which is formed by the identifier string of the fourth party.

3. A method according to claim 1 , wherein the first and second parties are respectively parent and child trusted authorities in a hierarchy of trusted authorities.

4. A method according to claim 1 , wherein the first and second algebraic groups are the same.

5. A method according to claim 1 , wherein the first and second elements are points on the same elliptic curve.

6. A method of verifying an association between the first and second parties of claim 1 by using a function p providing said bilinear map; the method comprising a third-party computer entity carrying out the following operations using the verification parameters of claim 1 : computing the second element from the identifier string of the second party; carrying out a first check to determine that the following equality is satisfied: p(third verification parameter, computed second element)=p(first element, second verification parameter) carrying out a second check to determine that the following equality is satisfied: p(first element, first verification parameter)=p(first product, second verification parameter) where said first product is a public parameter provided by the first party and corresponds to the product of the first secret and the first element; verifying the existence of the association between the first and second parties only where checks are passed.

7. A method according to claim 6 , wherein said bilinear mapping function is based on a Tate or Weil pairing.

8. A method of verifying an association between a first party associated with a first element of a first algebraic group, and a second party associated with a second element of a second algebraic group, the first and second elements being such that there exists a bilinear mapping p for these elements, the method comprising: a third-party computer entity carrying out the following operations: receiving both data indicative of said first element, and a first product formed by the first party from a first secret and the first element; receiving in respect of the second party an identifier string and first, second and third verification parameters; computing the second element from the identifier string of the second party; carrying out a first check to determine that the following equality is satisfied: p(third verification parameter, computed second element)=p(first element, second verification parameter) carrying out a second check to determine that the following equality is satisfied: p(first element, first verification parameter)=p(first product, second verification parameter) verifying the existence of the association between the first and second parties only where checks are passed.

9. A method according to claim 8 , wherein said bilinear mapping function is based on a Tate or Weil pairing.

10. A method according to claim 8 , wherein the first and second algebraic groups are the same.

11. A method according to claim 8 , wherein the first and second elements are points on the same elliptic curve.

12. Apparatus arranged to enable a third party to verify an association between the apparatus and a first party that has a first secret and is associated with a first element of a first algebraic group, the apparatus being associated with a second element, of a second algebraic group, and the first and second elements being such that there exists a bilinear mapping p for these elements, the apparatus comprising: a memory for holding a second secret and an identifier string associated with the apparatus, means for forming said second element from said identifier string using a hash function, means for receiving from the first party a shared secret based on said first secret and said first element, and for storing this shared secret in the memory, means for computing first, second and third verification parameters, wherein the first verification parameter is a product of the second secret with said shared secret, the second verification parameter is a product of the second secret and said second element and the third verification parameter is a product of the second secret and said first element, and means for making available said identifier string and said verification parameters to the third party, wherein the first, second, and third verification parameters enable the third party to verify the association between the first party and the apparatus by performing checks that use the first, second, and third verification parameters and public information.

13. Apparatus according to claim 12 , wherein the first and second algebraic groups are the same.

14. A method according to claim 12 , wherein the first and second elements are points on the same elliptic curve.

15. Apparatus for allowing a third party to verify an association between a first party associated with a first element of a first algebraic group, and a second party associated with a second element of a second algebraic group, the first and second elements being such that there exists a bilinear mapping p for these elements, the apparatus comprising: means for receiving both data indicative of the first element, and a first product formed by the first party from a first secret and the first element; means for receiving in respect of the second party both an identifier string, and first, second and third verification parameters; a memory for holding information received through the means for receiving; means for computing the second element from the identifier string of the second party using a hash function; means for carrying out a first check to determine that the following equality is satisfied: p(third verification parameter, computed second element)=p(first element, second verification parameter); means for carrying out a second check to determine that the following equality is satisfied: p(first element, first verification parameter)=p(first product, second verification parameter); means responsive to both checks being passed, to confirm that there exists an association between the first and second parties.

16. Apparatus according to claim 15 , wherein said bilinear mapping p is based on a Tate or Weil pairing.

17. Apparatus according to claim 15 , wherein the first and second elements are points on the same elliptic curve.

18. A method of enabling a second party to prove to a third party the existence of an association between the second party and a first party, the first party being associated with a first element of a first algebraic group, the second party being associated with a second element, of a second algebraic group, formed from an identifier string of the second party using a hash function, and there being a computable bilinear map for the first and second elements, wherein the method comprises: a second-party computer entity, acting on behalf of the second party, performing the steps of: (1) receiving a shared secret provided by the first party as the product of a first secret and the second element; (2) computing: (i) a first verification parameter as the product of a second secret with said shared secret, (ii) a second verification parameter as the product of the second secret with the second element, and (iii) a third verification parameter as the product of the second secret with the first element; and (3) outputting the first, second and third verification parameters for use by the third party, wherein the first, second, and third verification parameters enable the third party to verify the association between the first and second parties by performing checks that use the first, second, and third verification parameters and public information.